Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A system that provides access to a database comprising a first table comprising a relational field comprising values that reference records of a second table of the database, the system comprising: a processor; and a memory storing instructions that, when executed by the processor, cause the system to: receive a request comprising a query to select a record of the first table, where the record includes, for the relational field, a value that references a record of the second table; identify a context of the request, wherein the context is supplemental to the query; determine that the context of the request is not associated with access to the second table; in response to the determination that the context of the request is not associated with access to the second table, generate a response that substitutes, for the value that references the record of the second table, a substitute value that does not reference any record of the second table; and providing the response in response to the request.
This invention relates to database systems that manage relational data, specifically addressing security and access control challenges in querying relational databases. The system provides controlled access to a database containing at least two tables, where one table (the first table) includes a relational field that references records in another table (the second table). The system processes queries to select records from the first table, analyzing the query context to determine whether the requestor should have access to the referenced records in the second table. If the context indicates the requestor lacks permission to access the second table, the system modifies the response by replacing the relational field's reference value with a substitute value that does not expose any records from the second table. This ensures data security by preventing unauthorized access to related records while still allowing partial access to the queried table. The system dynamically evaluates each request's context, such as user permissions or application requirements, to enforce access control policies without requiring explicit user input or manual configuration. This approach enhances database security by automatically filtering sensitive relational data based on contextual access rights.
2. The system of claim 1 , wherein the instructions, when executed by the processor, cause the system to: for contexts of respective requests, identify a context-specific substitute value for the relational field when requested in the context; and wherein providing of the record further comprises: responsive to a request in a context in which access to the second table is not permitted: identification of the context-specific substitute value of the relational field for the context of the request; and provision of the record responsive to the query with the context-specific substitute value for the relational field.
This invention relates to data management systems that handle relational databases with context-specific access controls. The problem addressed is ensuring data integrity and security when different users or applications require access to relational fields that may contain sensitive or restricted information, depending on the context of the request. The system processes queries for records that include relational fields referencing data in a second table. When a request is made in a context where access to the second table is restricted, the system identifies a context-specific substitute value for the relational field. This substitute value is determined based on the specific context of the request, such as the user's permissions, the application making the request, or other contextual factors. The system then provides the requested record with the substitute value in place of the original relational field, ensuring that the data remains secure while still delivering a functional response. The substitute value may be a predefined value, a placeholder, or a derived value that maintains the structural integrity of the record without exposing restricted data. This approach allows the system to enforce access controls dynamically, adapting to different contexts without requiring manual intervention or modifying the underlying database structure. The solution ensures that queries return valid records while respecting access restrictions, improving both security and usability in relational database environments.
3. The system of claim 1 , wherein identification of the substitute value further comprises: for a particular context, storing, in the table, a context-specific copy of the record that is provided for requests in the particular context, and for respective contexts that are not permitted to access the second table, storing the substitute value for the relational field in the context-specific copy of the record; and providing the records further comprises: responsive to a request in a specific context, provide the context-specific copies of the record that is responsive to the query and for the specific context of the request.
This invention relates to a data management system that controls access to sensitive information in relational databases by providing context-specific data copies. The system addresses the challenge of ensuring data privacy and security while allowing different users or applications to access only the information they are permitted to see. The core system maintains a primary table containing original records with relational fields, some of which may contain sensitive data. A second table stores substitute values for these sensitive fields, allowing the system to replace sensitive data with non-sensitive alternatives when necessary. The system further enhances this by creating context-specific copies of records. For each context (e.g., user role, application, or security level), the system stores a modified version of the record where sensitive fields are replaced with substitute values if the context is not authorized to access the original data. When a query is made, the system provides the context-specific copy of the record that matches the requester's context, ensuring that only appropriate data is returned. This approach allows fine-grained access control without altering the original data, maintaining data integrity while enforcing security policies.
4. The system of claim 3 , wherein the instructions, when executed by the processor, cause the system to: responsive to updating an updated value of a non-relational field of the record represented by at least two context-specific copies, propagate the updated value of the non-relational field to all context-specific copies of the record.
This invention relates to data management systems for handling non-relational data fields in records that are replicated across multiple context-specific copies. The problem addressed is ensuring data consistency when a non-relational field of a record is updated, particularly in systems where the same record exists in multiple context-specific versions. Non-relational fields, unlike relational database fields, do not inherently enforce referential integrity or automatic propagation of updates across related records. The invention provides a solution by automatically propagating updates to a non-relational field from one context-specific copy of a record to all other context-specific copies of that record. This ensures that all versions of the record remain synchronized with the latest field value, preventing inconsistencies that could arise from manual updates or lack of propagation mechanisms. The system includes a processor and instructions that, when executed, detect updates to non-relational fields and trigger the propagation process. This approach is particularly useful in distributed systems, multi-tenant environments, or applications where records are customized for different contexts but must maintain consistency in certain fields. The invention improves data reliability and reduces the risk of errors caused by outdated or conflicting field values across different copies of the same record.
5. The system of claim 3 , wherein storage of the context-specific copy of the record further comprises: partitioning the record into a non-protected portion and the relational field; and storing the record as: one copy of the non-protected portion of the record, and context-specific copies of the relational field for the respective contexts; and providing the records further comprises: responsive to receiving a request in a selected context, for the respective records that are responsive to the query, providing: the one copy of the non-protected portion of the record; and the context-specific copy of the relational field according to the selected context of the request.
This invention relates to a data management system that handles context-specific access to relational database records. The problem addressed is the need to store and retrieve relational data in a way that allows different contexts to access different versions of the same relational field while maintaining a single copy of the non-protected portion of the record. The system partitions each record into a non-protected portion and a relational field. The non-protected portion is stored as a single copy, while the relational field is stored as multiple context-specific copies, each tailored to a different context. When a query is received in a specific context, the system provides the single copy of the non-protected portion along with the context-specific version of the relational field that matches the request's context. This approach ensures that the non-protected data remains consistent across all contexts, while the relational field can vary based on the context of the request. The system efficiently manages storage by avoiding redundant copies of the non-protected portion while supporting context-aware data retrieval. This is particularly useful in applications where the same relational data must be presented differently depending on the user's role, permissions, or other contextual factors.
6. The system of claim 5 , wherein: respective access modes are applicable only to tables that satisfy at least one access mode condition; and storage of the access mode further comprises: responsive to the configuration selection of the access mode, storage of the access mode for the relational field in the database configuration only after verifying that the table satisfies the access mode condition of the access mode.
A database system manages access to relational tables by applying specific access modes, such as read-only or write-only, to tables that meet predefined conditions. The system ensures that an access mode is only stored in the database configuration if the target table satisfies the corresponding access mode condition. For example, a read-only mode may only be applied to tables that meet certain data integrity or security criteria. The system verifies these conditions before storing the access mode, preventing invalid configurations. This approach enhances data security and integrity by restricting access modes to tables that comply with the required conditions, reducing the risk of unauthorized modifications or data breaches. The system dynamically checks these conditions during configuration, ensuring that access modes are only applied to appropriate tables. This method improves database management by enforcing access controls based on table-specific conditions, rather than applying uniform restrictions across all tables. The system may also include additional features, such as user authentication and role-based access control, to further secure database operations.
7. The system of claim 1 , wherein the instructions, when executed by the processor, cause the system to: indicate an access mode for the relational field, wherein the access mode is selected from an access mode set comprising: a single-record master context access mode, and a duplicate-record access mode; and based on a configuration selection of an access mode for a relational field of a table, store, in a configuration of the database, the access mode for the relational field of the table.
This invention relates to database systems, specifically to managing relational fields in a database to control access modes for data records. The problem addressed is the need for flexible access control in relational databases, particularly when handling fields that may reference single records or multiple duplicate records. The system includes a database with tables containing relational fields that link to other records. The system allows configuration of an access mode for each relational field, where the access mode determines how the field interacts with the referenced records. Two access modes are defined: a single-record master context access mode, which restricts the field to reference only one master record, and a duplicate-record access mode, which permits the field to reference multiple duplicate records. The system stores the selected access mode in the database configuration, ensuring consistent enforcement of the access rules during data operations. This configuration-based approach enables dynamic control over relational field behavior, improving data integrity and flexibility in database applications. The system ensures that relational fields adhere to predefined access constraints, preventing unauthorized or inconsistent record references. The stored configuration allows administrators to adjust access modes without modifying the underlying database schema, simplifying maintenance and adaptation to changing requirements.
8. A computer-readable storage medium storing instructions that cause a system to provide access to a database comprising a first table comprising a relational field comprising values that reference records of a second table of the database, by: receiving a request comprising a query to select a record of the first table, where the record includes, for the relational field, a value that references a record of the second table; identifying a context of the request, wherein the context is supplemental to the query; determine that the context of the request is not associated with access to the second table; in response to the determination that the context of the request is not associated with access to the second table, generating a response that substitutes, for the value that references the record of the second table, a substitute value that does not reference any record of the second table; and providing the response in response to the request.
This invention relates to database access control in relational databases, specifically addressing security and privacy concerns when handling relational fields that reference records in other tables. The system provides controlled access to a database containing at least two tables, where a first table includes a relational field with values that reference records in a second table. When a request is received to select a record from the first table, the system evaluates the context of the request, which includes supplemental information beyond the query itself. If the context indicates that the request should not have access to the second table, the system modifies the response by replacing the relational field's reference value with a substitute value that does not reference any record in the second table. This ensures that sensitive or restricted data in the second table is not exposed to unauthorized requests, while still allowing access to the first table's data. The solution enhances data security by dynamically filtering relational references based on contextual access permissions, preventing unintended exposure of related records.
9. The computer-readable storage medium of claim 8 , wherein the instructions further cause the system to: for contexts of respective requests, identify a context-specific substitute value for the relational field when requested in the context; and wherein providing of the record further comprises: responsive to a request in a context in which access to the second table is not permitted: identification of the context-specific substitute value of the relational field for the context of the request; and provision of the record responsive to the query with the context-specific substitute value for the relational field.
This invention relates to data access control in relational databases, specifically addressing the challenge of maintaining data integrity and security while allowing context-specific access to relational fields. The system dynamically substitutes restricted relational field values with context-specific alternatives when access to the referenced table is not permitted. The method involves storing records in a first table that include relational fields referencing records in a second table. When a query requests a record from the first table, the system evaluates the context of the request. If the context lacks permission to access the second table, the system identifies a context-specific substitute value for the relational field and provides the record with this substitute value instead of the original relational reference. This ensures that data relationships remain functional while enforcing access restrictions, preventing unauthorized exposure of sensitive data from the second table. The substitution process is automated, ensuring seamless integration with existing database operations without requiring manual intervention. The solution is particularly useful in multi-tenant or role-based access control environments where different users or applications require varying levels of data visibility.
10. The computer-readable storage medium of claim 8 , wherein identification of the substitute value further comprises: for a particular context, storing, in the table, a context-specific copy of the record that is provided for requests in the particular context, and for respective contexts that are not permitted to access the second table, storing the substitute value for the relational field in the context-specific copy of the record; and providing the records further comprises: responsive to a request in a specific context, provide the context-specific copies of the record that is responsive to the query and for the specific context of the request.
This invention relates to data management systems that handle sensitive or restricted information in relational databases. The problem addressed is ensuring that different users or applications, operating in different contexts, only access data they are authorized to view, while maintaining a single source of truth for the underlying data. The system stores relational data in a primary table and uses a secondary table to manage substitute values for sensitive fields. For each context (e.g., user role, application environment), the system creates context-specific copies of records. If a context lacks permission to access certain fields in the secondary table, the system replaces those fields with substitute values in the context-specific copies. When a query is received, the system provides only the context-specific copies of records that match the query and are permitted for the requesting context. This ensures that unauthorized users or applications never see sensitive data, while authorized users receive accurate, unmodified records. The approach improves data security by enforcing context-based access control at the record level, preventing unauthorized exposure of sensitive information while maintaining data integrity. The system dynamically generates context-specific views of records, ensuring that each requester receives only the data they are permitted to access.
11. The computer-readable storage medium of claim 10 , wherein the instructions further cause the system to: responsive to updating an updated value of a non-relational field of the record represented by at least two context-specific copies, propagate the updated value of the non-relational field to all context-specific copies of the record.
This invention relates to data management systems, specifically handling non-relational data fields in records that exist in multiple context-specific copies. The problem addressed is ensuring data consistency across these copies when a field is updated, preventing discrepancies that could arise from independent modifications. The system involves a computer-readable storage medium containing instructions that, when executed, manage records with non-relational fields. These records are represented by at least two context-specific copies, meaning the same record data is stored in different contexts or environments (e.g., different applications, user views, or system partitions). The system detects updates to a non-relational field of a record and automatically propagates the updated value to all context-specific copies of that record. This ensures that all copies remain synchronized, maintaining data integrity across different contexts. The propagation process is triggered by the update event, ensuring real-time or near-real-time consistency. The solution is particularly useful in distributed systems, multi-tenant applications, or any scenario where the same record data must be maintained in multiple isolated or context-specific instances. By automating the propagation, the system reduces the risk of manual errors and inconsistencies that could occur if updates were applied selectively or delayed.
12. The computer-readable storage medium of claim 10 , wherein storage of the context-specific copy of the record further comprises: partitioning the record into a non-protected portion and the relational field; and storing the record as: one copy of the non-protected portion of the record, and context-specific copies of the relational field for the respective contexts; and providing the records further comprises: responsive to receiving a request in a selected context, for the respective records that are responsive to the query, providing: the one copy of the non-protected portion of the record; and the context-specific copy of the relational field according to the selected context of the request.
This invention relates to data storage and retrieval systems, specifically addressing the challenge of managing context-specific relational data while maintaining efficiency and security. The system stores records in a database where each record contains a relational field that varies depending on the context in which the data is accessed. To optimize storage and retrieval, the system partitions each record into a non-protected portion and a relational field. The non-protected portion is stored as a single copy, while the relational field is stored as multiple context-specific copies, each tailored to a different access context. When a query is received in a specific context, the system retrieves the single copy of the non-protected portion and the context-specific copy of the relational field that matches the request's context. This approach reduces redundant storage of identical data while ensuring that relational fields are contextually accurate. The system is particularly useful in applications where data must be dynamically adapted to different user roles, permissions, or environmental conditions without duplicating the entire record. The method ensures efficient storage and retrieval by minimizing data redundancy while preserving context-specific integrity.
13. The computer-readable storage medium of claim 8 , wherein the instructions further cause the system to: indicate an access mode for the relational field, wherein the access mode is selected from an access mode set comprising: a single-record master context access mode, and a duplicate-record access mode; and based on a configuration selection of an access mode for a relational field of a table, store, in a configuration of the database, the access mode for the relational field of the table.
This invention relates to database systems, specifically managing relational fields in a database to control access modes for data records. The problem addressed is the need to efficiently manage how relational fields are accessed, particularly when dealing with single-record master contexts versus duplicate records, to ensure data integrity and proper access control. The system involves a computer-readable storage medium containing instructions that, when executed, configure a database to handle relational fields with different access modes. The access mode for a relational field can be set to either a single-record master context access mode or a duplicate-record access mode. The single-record master context access mode restricts access to a single master record, ensuring that only one record can be accessed or modified at a time, which is useful for maintaining consistency in critical data. The duplicate-record access mode allows multiple records to be accessed or modified simultaneously, which is useful for scenarios where multiple instances of similar data need to be processed independently. The system stores the selected access mode for a relational field in the database configuration, ensuring that the access rules are consistently applied whenever the field is accessed. This configuration allows database administrators to define access policies based on the nature of the data and the operational requirements, improving data management and reducing the risk of conflicts or inconsistencies. The invention enhances flexibility in database operations while maintaining control over how relational fields are accessed.
14. A method of providing access to a database comprising a first table comprising a relational field comprising values that reference records of a second table of the database, by: receiving a request comprising a query to select a record of the first table, where the record includes, for the relational field, a value that references a record of the second table; identifying a context of the request, wherein the context is supplemental to the query; determining that the context of the request is not associated with access to the second table; in response to the determination that the context of the request is not associated with access to the second table, generating a response that substitutes, for the value that references the record of the second table, a substitute value that does not reference any record of the second table; and providing the response in response to the request.
This invention relates to database access control, specifically managing relational field references in queries to restrict access to certain tables. The problem addressed is preventing unauthorized access to related data in a database while still allowing queries on a primary table. The system processes a query requesting a record from a first table that contains a relational field referencing a record in a second table. The method evaluates the request context, which includes supplemental information beyond the query itself, to determine if the requester should have access to the second table. If the context indicates no access to the second table is permitted, the system modifies the response by replacing the relational field's reference value with a substitute value that does not reference any record in the second table. This ensures the query returns data from the first table without exposing restricted data from the second table. The substitute value may be a placeholder, null value, or other non-referential data. This approach enhances security by enforcing access controls at the relational field level while maintaining query functionality for authorized data.
15. The method of claim 14 , wherein: the method further comprises: for contexts of respective requests, identifying a context-specific substitute value for the relational field when requested in the context; and providing the record further comprises: responsive to a request in a context in which access to the second table is not permitted: identify the context-specific substitute value of the relational field for the context of the request; and provide the record responsive to the query with the context-specific substitute value for the relational field.
This invention relates to database systems that manage access to relational data while enforcing context-specific security policies. The problem addressed is ensuring data privacy and security by preventing unauthorized access to certain relational fields in a database, while still providing meaningful substitute values to maintain data integrity and usability. The method involves a database system that stores records with relational fields linking to entries in a second table. When a query requests a record, the system checks the context of the request to determine if access to the second table is permitted. If access is not permitted, the system identifies a context-specific substitute value for the relational field. This substitute value is tailored to the specific context of the request, ensuring that the response remains useful while adhering to security constraints. The system then provides the requested record with the substitute value in place of the restricted relational field, allowing the query to proceed without exposing sensitive data. The substitute values are predefined for different contexts, ensuring that the system can dynamically adapt to varying access permissions without requiring manual intervention. This approach enhances data security while maintaining the functionality of the database for authorized users. The method is particularly useful in environments where different users or applications require different levels of access to relational data.
16. The method of claim 14 , wherein: identifying the substitute value further comprises: for a particular context, storing, in the table, a context-specific copy of the record that is provided for requests in the particular context, and for respective contexts that are not permitted to access the second table, storing the substitute value for the relational field in the context-specific copy of the record; and providing the records further comprises: responsive to a request in a specific context, provide the context-specific copies of the record that is responsive to the query and for the specific context of the request.
This invention relates to data management systems that handle context-specific access to relational data. The problem addressed is ensuring that certain data fields are only accessible in specific contexts while maintaining data integrity and query efficiency. The system stores relational data in a primary table and uses a secondary table to manage substitute values for fields that should be restricted in certain contexts. For each restricted field, the system stores a substitute value in the secondary table, which is then used in context-specific copies of records. When a query is made in a particular context, the system provides only the context-specific copies of records that are permitted for that context, ensuring restricted fields are replaced with substitute values. This approach allows for efficient querying while enforcing context-specific access controls without modifying the original data structure. The system dynamically generates and stores context-specific copies of records, ensuring that only authorized data is exposed in each context. This method improves data security and compliance while maintaining performance in relational database systems.
17. The method of claim 16 , further comprising: responsive to updating an updated value of a non-relational field of the record represented by at least two context-specific copies, propagating the updated value of the non-relational field to all context-specific copies of the record.
This invention relates to data management systems, specifically handling non-relational data fields in records that are replicated across multiple context-specific copies. The problem addressed is ensuring data consistency when a non-relational field of a record is updated, particularly when the record exists in multiple context-specific copies. Non-relational fields are those that do not follow a predefined schema, such as JSON or XML data structures, which are commonly used in modern databases. The method involves detecting an update to a non-relational field of a record that has at least two context-specific copies. Upon detecting this update, the system automatically propagates the updated value of the non-relational field to all other context-specific copies of the same record. This ensures that all copies of the record remain synchronized, maintaining data consistency across different contexts. The propagation process may involve validating the updated value, transforming it if necessary to match the schema or requirements of the target context, and then applying the change to all relevant copies. This approach is particularly useful in distributed systems where records are replicated for performance, availability, or isolation purposes, ensuring that modifications to non-relational fields are reflected uniformly across all instances.
18. The method of claim 16 , wherein: storing the context-specific copy of the record further comprises: partitioning the record into a non-protected portion and the relational field; and storing the record as: one copy of the non-protected portion of the record, and context-specific copies of the relational field for the respective contexts; and providing the records further comprises: responsive to receiving a request in a selected context, for the respective records that are responsive to the query, provide: the one copy of the non-protected portion of the record; and the context-specific copy of the relational field according of the selected context of the request.
This invention relates to data management systems that handle records containing relational fields, addressing the challenge of maintaining data consistency while allowing context-specific variations of relational fields. The system stores records by partitioning them into a non-protected portion and a relational field. The non-protected portion is stored as a single copy, while the relational field is stored as multiple context-specific copies, each tailored to different contexts. When a query is received in a specific context, the system retrieves the single copy of the non-protected portion and the context-specific copy of the relational field that matches the query's context. This approach ensures that the non-protected portion remains consistent across all contexts, while the relational field can vary based on the context, improving flexibility and accuracy in data retrieval. The method is particularly useful in systems where relational fields must adapt to different operational or user-specific contexts without altering the core record data.
19. The method of claim 18 , wherein: respective access modes are applicable only to tables that satisfy at least one access mode condition; and storing the access mode further comprises: responsive to the configuration selection of the access mode, store the access mode for the relational field in the database configuration only after verifying that the table satisfies the access mode condition of the access mode.
This invention relates to database systems, specifically methods for managing access modes in relational databases. The problem addressed is ensuring that access modes, which define how data can be accessed or modified, are only applied to tables that meet specific conditions. This prevents incorrect or unauthorized access configurations. The method involves selecting an access mode for a relational field in a database. Access modes are predefined rules that dictate how data can be accessed, such as read-only, write-only, or restricted access. Before applying the access mode, the system verifies that the table containing the field satisfies at least one access mode condition. These conditions could include schema requirements, data type constraints, or security policies. If the table meets the condition, the access mode is stored in the database configuration. If not, the access mode is not applied, preventing potential errors or security vulnerabilities. This approach ensures that access modes are only applied to compatible tables, maintaining data integrity and security. The method is part of a broader system for configuring and enforcing access controls in relational databases, where access modes are dynamically assigned based on table properties. The verification step acts as a safeguard, ensuring that access configurations are valid and enforceable.
20. The method of claim 14 , further comprising: indicating an access mode for the relational field, wherein the access mode is selected from an access mode set comprising: a single-record master context access mode, and a duplicate-record access mode; and based on a configuration selection of an access mode for a relational field of a table, storing, in a configuration of the database, the access mode for the relational field of the table.
This invention relates to database systems, specifically methods for managing relational fields in a database to control access modes for data records. The problem addressed is the need to efficiently manage how relational fields are accessed, particularly when dealing with single-record master contexts versus duplicate records, to ensure data integrity and proper access control. The method involves defining an access mode for a relational field within a database table. The access mode is selected from a predefined set of options, including a single-record master context access mode and a duplicate-record access mode. The single-record master context access mode restricts access to a single master record, ensuring that only one instance of the relational field is accessible at a time, which is useful for maintaining consistency in master data. The duplicate-record access mode allows multiple records to be accessed simultaneously, which is useful for scenarios where duplicate or multiple instances of the relational field are permissible. Based on a configuration selection, the chosen access mode is stored in the database configuration for the relational field. This configuration ensures that subsequent access to the relational field adheres to the specified mode, enforcing the desired access behavior. The method improves database management by providing flexible and configurable access control for relational fields, enhancing data integrity and usability in different operational contexts.
Unknown
October 8, 2019
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.